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DETAILED ACTION 
Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form 
the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent In the United 
states. 

Claims 1-19 are rejected under 35 U.S.C. 102(b) as being anticipated by Alsberg, US 
Patent No. 4,672,572. 

As per claims 1 and 11, Alsberg teaches: 

A processor operable in a plurarrty of modes, and a plurality of domains, said plurality of domains 

comprising a first domain and a second domain, the processor comprising: 

[see column 2, lines 46-49] "The invention can be briefly described as a protector device for 
entrancing the security of a computer system which includes one or more user terminals and one 
or more host computers. " 

monitoring logic operable to monitor said processor and capture diagnostic data; 

[see column 2, lines 46-53] "The protector device Includes a detection means for monitoring 
communications between terminals and host computers wherein the detection means is 
independent from the host computer and the terminals. " 

a storage element operable to contain at least one control parameter; 

[see column 4 Jines 7-9] "The security server also includes means for checking the identification 
of users of the terminals through a password-type procedure." 

control logic operable to control said monitoring logic in dependence on said at least one control 

parameter and the domain in which said processor is operating, to suppress capturing of diagnostic data 

relating to predetermined activities of said processor in said first domain. 

[see column 4, lines 10-12] "The security server provides an access-level means for limiting 
identified users to predetermined access to certain computer ports. " 

[see column 3, lines 11-18] "the detection means includes an audit trail means for storing data 
segments recorded by the audit recording means when the audit capture signal is generated. 
Also included in the detection means is a means to block the transfer of certain data identified by 
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the command filter so that such identified data is not transfenred from terminal to computer or 
computer to terminal. 



As per claims 2 and 12, Alsberg teaches: 

A processor according to claim 1 . wherein the first domain Is a secure domain and the second domain is 

a non-secure domain, said processor being operable such that when executing a program in a secure 

mode within said secure domain said program has access to secure data which is not accessible when 

said processor is operating in a non-secure mode within said non-secure domain. 

[see column 6, lines 67-68 and column 7, lines 1-4] "In addition to monitoring and controlling user 
activities, the security server also supports administrator activities, by means of an 
administrator monitor 71. Administrator activities include reading and changing the security 
database 58, analyzing the audit-trail storage 70, and monitoring cunent system status and 
controlling system activity. 



As per claims 3 and 13, Alsberg teaches: 

A processor according to claim 1 , wherein the at least one control parameter provides an indication of 

said domain of operation of the processor, said control logic being operable to suppress capturing of 

diagnostic data when said processor switches from second to first domain. 

[see column 8, lines 64-68] "In some instances it may be desirable to create more than one . 
connection at a time, although a user will generally be limited to using only one connection at a 
time in most embodiments. This may be desirable in instances where a user may be switching 
back and forth from one connection to another during a single login session. 

Connections are created using login and password as taught in the rejection of claim 1 above. 



As per claims 4 and 14, Alsberg teaches: 

A processor according to claim 1 . wherein said at least one control parameter identifies an application, 
said control logic being operable to suppress capturing of diagnostic data when said processor switches 
from an identified application in said first domain to an application in said first domain not identified by 
said at least one control parameter. 

[see column 2, lines 31-38] "It is another object of the subject invention to provide a security 
device which provides multilevel access control for each particular user to various computers, 
operating systems, or function programs available in a computer system, whereby the security 
device automatically connects the user to the particular computer, operating system, or function 
program to which the user desires access, " 
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[see column 8, lines 24-26] ''It should be recognized that other alternative sen/ices could be 
provided, depending on a particular application." 

As per claims 5 and 15, Alsberg teaches: 

A processor according to claim 1, wherein said first domain comprises a plurality of modes and said at 
least one control parameter Identifies a particular mode within said first domain, said control logic being 
operable to suppress capturing of diagnostic data when said processor switches between an identified 
mode within said first domain and a mode within said first domain not identified by said at least one 
control parameter. 

[see column 6, lines 50-56] "the occurrence of an audit capture command will cause the access 
node to transfer audit information to the audit trail module 66 via communications media between 
the access node and security server In this embodiment, the access node would be responsible 
for blocking or modifying certain information identified by the command filter. " 

As per claims 6 and 16, Alsberg teaches: 

A processor according to claim 5, wherein said plurality of modes in said first domain comprise a user 
mode and a privileged mode. 

[see rejection of claim 2, "User and Administrator'] 
As per claims 7 and 17, Alsberg teaches: 

A processor according to claim 1 , wherein said control logic is operable to control said monitoring logic to 

resume capturing of diagnostic data when said processor switches back from said predetemiined activity 

to an activity for which capturing of diagnostic data is not suppressed. 

[see column 9, lines 2-5] In the event that a user wishes to resume previously suspended 
connection, he chooses a "resume -connection command" &om the list of available sen/ices." 

As per claims 8 and 18, Alsberg teaches: 

A processor according to claim 1 , wherein said monitoring logic comprises logic operable to perform a 
debug function. 
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[see figure 5, element 74, ""audit trail analysis'] Examiner interprets the functions of an audit trail 
analysis in the Alsberg Patent to be the same as that of a debug function. 

As per claims 9 and 19, Alsberg teaches: 

A processor according to claim 1, wherein said monitoring logic comprises logic operable to perform a 
trace function. 

[see figure 5, element 66, "'audit trail recording'] Examiner interprets the functions of audit trail 
recording in the Alsberg Patent to be the same as that of a trace function. 

As per claim 10, Alsberg teaches: 

A processor according to claim 1, wherein said control logic suppresses capture of said diagnostic data 
by removing power input to the monitoring logic. 

[see column 10, lines 67-68 and column 1 1, lines 1-4] "Another type of command selection that 
the administrator typically has available includes system control commands. System-control 
commands are exemplified by the ability to force a user off the system, shut the system down, 
and send messages to all users on the system. " 



Conclusion 

The following patents, pre-grant publications and NPL are cited to further show the state of the art 
with respect to diagnostic data capture methods. 

US Patent No. 5.1 19,377 to Cobb et al.. which is cited to show a system and method for software 
error early detection and data capture. 

US PGP No. 20020174333 to Harrah et al., which is cited to show a disabling tool execution via 

roles. 

US Patent No. 6.757.829 to Laczko, Sr. et al.. which is cited to show a program debugging 
system for securing computing device having secure and non-secure modes. 



Application/Control Number: 1 0/71 4, 1 78 Page 6 

Art Unit: 2136 

US Patent No. 5,032.979 to Hecht et al., which is cited to show a distributed security auditing 

system. 

US PGP No. 20020188831 to Jackson et al., which is cited to show annotations for transaction 

tracing. 

US PGP No. 20020073328 to Daniels et al., which is cited to show security keys for enhances 
downstream access security for electronic file systems and drives. 

US Patent No. 6,574,734 to Colson et al., which is cited to show a method for securing access to 
automotive devices and software services. 

US Patent No. 6.785,822 to Sadhwani-Tully, which is cited to show a system for role based 
dynamic configuration of user profiles. 

US Patent No. 5,933,594 to La Joie et a!., which is cited to show a diagnostic system for run-time 
monitoring of computer operations. 

*. Any response to this Office Action should be faxed to (571) 273-8300 or mailed to: 

Commissioner for Patents 
P.O. Box 1450 
Alexandria, VA 22313-1450 

Hand-delivered responses should be brought to 

Customer Service Window 
Randolph Building 
401 Dulaney Street 
Alexandria, VA 22314 

*. Any inquiry concerning this communication or earlier communications from the examiner should 
be directed to Daniel L. Hoang whose telephone number is 571-270-1019. The examiner can nonnally 
be reached on Monday - Thursday. 8:00 a.m. - 5:00 p.m., EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 
Nasser Moazzami can be reached on 571-272-4195. The fax phone number for the organization where 
this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the Patent Application 
Information Retrieval (PAIR) system. Status information for published applications may be obtained from 
either Private PAIR or Public PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) 
at 866-217-9197 (toll-free). 




Daniel L. Hoang 
12/18/06 




